<?php

$currPW = $_POST["currPW"];
$newPW = $_POST["newPW"];
$userID= $_POST["userID"];
if($currPW != "" && $newPW != "" && $userID != "")
	connect_database();

function connect_database(){
		$mysqli = new mysqli('localhost', 'root', '', 'gluphien');
		//echo $DBConnect;
		if ($mysqli->connect_errno)
			echo "<p>Connection Failed.</p>";
		//	correct userid found
		$found = false;
		//	currPW was correct
		$correct = false;
		$SQLstring = "SELECT userID, username, password FROM `users`";
		if($result = $mysqli->query($SQLstring)){
			while(($Row = $result->fetch_row()) && $found == false) {
				if($GLOBALS["userID"] == $Row[0] && $GLOBALS["currPW"] == $Row[2])
					$correct = true;
			}
		}

		if($correct){
			$SQLstring = "UPDATE `users` SET password='" . $GLOBALS["newPW"] . "' WHERE userID='" . $GLOBALS["userID"] . "'";
			if (mysqli_query($mysqli, $SQLstring) === TRUE) {
				echo "Successfully changed password";
			}
			else
			{
				echo $mysqli->error();
			}
		}
		$mysqli->close();
	}
?>